findit
String m = String.valueOf(x)
valueOf()将不同类型数据转换为字符串
m.equals(edit.getText().toString())
edit.getText()通常用于从用户界面中获取文本输入,toString()方法将其转换为字符串,然后使用equals()方法进行比较
我改成了c++代码,结果有问题
改成python,跑出来了
a = ['T', 'h', 'i', 's', 'I', 's', 'T', 'h', 'e', 'F', 'l', 'a', 'g', 'H', 'o', 'm', 'e']
b = ['p', 'v', 'k', 'q', '{', 'm', '1', '6', '4', '6', '7', '5', '2', '6', '2', '0', '3', '3', 'l', '4', 'm', '4', '9', 'l', 'n', 'p', '7', 'p', '9', 'm', 'n', 'k', '2', '8', 'k', '7', '5', '}']
x = [''] * 17
y = [''] * 38
for i in range(17):
if (a[i] < 'I' and a[i] >= 'A') or (a[i] < 'i' and a[i] >= 'a'):
x[i] = chr(ord(a[i]) + 18)
elif (a[i] >= 'A' and a[i] <= 'Z') or (a[i] >= 'a' and a[i] <= 'z'):
x[i] = chr(ord(a[i]) - 8)
else:
x[i] = a[i]
for i2 in range(38):
if (b[i2] >= 'A' and b[i2] <= 'Z') or (b[i2] >= 'a' and b[i2] <= 'z'):
y[i2] = chr(ord(b[i2]) + 16)
if (y[i2] > 'Z' and y[i2] < 'a') or y[i2] >= 'z':
y[i2] = chr(ord(y[i2]) - 26)
else:
y[i2] = b[i2]
# 输出字符列表中的所有元素
print(''.join(y))
# flag{c164675262033b4c49bdf7f9cda28a75}
[FlareOn4]login
是个html代码,输入flag的,看不太懂
<!DOCTYPE Html />
<html>
<head>
<title>FLARE On 2017</title>
</head>
<body>
<input type="text" name="flag" id="flag" value="Enter the flag" />
<input type="button" id="prompt" value="Click to check the flag" />
<script type="text/javascript">
document.getElementById("prompt").onclick = function () {
var flag = document.getElementById("flag").value;
var rotFlag = flag.replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);});
if ("PyvragFvqrYbtvafNerRnfl@syner-ba.pbz" == rotFlag) {
alert("Correct flag!");
} else {
alert("Incorrect flag, rot again");
}
}
</script>
</body>
</html>
gpt转换一下, 其实也就是凯撒密码,偏移量为13
enc='PyvragFvqrYbtvafNerRnfl@syner-ba.pbz'
for i in range(len(enc)):
k=ord(enc[i])
if 65<=k<=90:
if k-13<65:
print(chr(k-13+26),end='')
else:
print(chr(k-13),end='')
elif 97<=k<=122:
if k-13<97:
print(chr(k-13+26),end='')
else:
print(chr(k-13),end='')
else:
print(enc[i],end='')
# ClientSideLoginsAreEasy@flare-on.com
[WUSTCTF2020]level1
ptr = [198, 232, 816, 200, 1536, 300, 6144, 984, 51200, 570, 92160,
1200, 565248, 756, 1474560, 800, 6291456, 1782, 65536000]
for i in range(19):
if (i+1) & 1:
print(chr(ptr[i] >> (i+1)), end="")
else:
print(chr(ptr[i] // (i+1)), end="")
或者
key = [0,198,232,816,200,1536,300,6144,984,51200,570,92160,1200,565248,
756,1474560,800,6291456,1782,65536000]
for i in range(1,20)://i是从1开始的。
if i%2 == 1:
print(chr(key[i] >> i),end='')
else:
print(chr(key[i]//(整除符)i),end='')、
[WUSTCTF2020]level2
还是是不能有那个括号,去除了就成功了。
flag就出来了。
[WUSTCTF2020]level3
简单替换后,解密得到flag
import base64
table='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
enc='d2G0ZjLwHjS7DmOzZAY0X2lzX3CoZV9zdNOydO9vZl9yZXZlcnGlfD=='
hh=list(table)
for i in range(10):
v1=table[i]
hh[i]=hh[19-i]
hh[19-i]=v1
print(''.join(hh))
str='TSRQPONMLKJIHGFEDCBAUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
print(base64.b64decode(enc.translate(str.maketrans(str,table))))
[ACTF新生赛2020]rome
strcpy(v12, "Qsw3sj_lz4_Ujw@l");
printf("Please input:");
scanf("%s", &input);
result = input;
if ( input == 'A' )
{
result = v3;
if ( v3 == 'C' )
{
result = v4;
if ( v4 == 'T' )
{
result = v5;
if ( v5 == 'F' )
{
result = v6;
if ( v6 == '{' )
{
result = v11;
if ( v11 == '}' )
{
v1[0] = v7;
v1[1] = v8;
v1[2] = v9;
v1[3] = v10;
*&v12[17] = 0;
while ( *&v12[17] <= 15 )
{
if ( *(v1 + *&v12[17]) > 64 && *(v1 + *&v12[17]) <= 90 )// A-Z
*(v1 + *&v12[17]) = (*(v1 + *&v12[17]) - 51) % 26 + 65;
if ( *(v1 + *&v12[17]) > 96 && *(v1 + *&v12[17]) <= 122 )// a-z
*(v1 + *&v12[17]) = (*(v1 + *&v12[17]) - 79) % 26 + 97;
++*&v12[17];
}
*&v12[17] = 0;
while ( *&v12[17] <= 15 )
{
result = v12[*&v12[17]];
if ( *(v1 + *&v12[17]) != result )
return result;
++*&v12[17];
}
return printf("You are correct!");
}
}
}
}
}
}
看到有取模,嗯就想到了爆破,并且%26+65肯定还是大写字母,范围没变。
enc='Qsw3sj_lz4_Ujw@l'
for i in range(len(enc)):
k=ord(enc[i])
if 65<=k<=90:
for m in range(65,91,1):
if k==(m-51)%26+65:
print(chr(m),end='')
break
elif 97<=k<=122:
for n in range(97,123,1):
if k==(n-79)%26+97:
print(chr(n),end='')
break
else:
print(enc[i],end='')
[FlareOn4]IgniteMe
汇编语言指令 ROL
循环左移指令:ROL DEST,COUNT
指令功能:把目的地址中的数据循环左移COUNT次,每次从最高位(最左)移出的数据位都补充到最低位(最右),最后从最高位(最左)移出的数据位保存到CF标志位。
标志位影响:CF标志用于保存最后从最高位移出的数据位。如果COUNT=1,OF标志有意义,如果移位前后数据的符号位发生了变化,OF=1;如果符号位没有发生变化,OF=0。如果COUNT>1,OF标志不确定(没有意义)。
(unsigned __int16)__ROL4__(0x80070000, 4) >> 1; ROL4就是左移4位,v4=00700004
v4本来等于0x00700004的,我的理解是:因为目标字符里面都是两位的,其实v4也应该保留两位,不然就行不通
嗯,突然想到不知道这个汇编指令,也可以通过动调,找到这个值
byte30=[0x0D, 0x26, 0x49, 0x45, 0x2A, 0x17, 0x78, 0x44, 0x2B, 0x6C,
0x5D, 0x5E, 0x45, 0x12, 0x2F, 0x17, 0x2B, 0x44, 0x6F, 0x6E,
0x56, 0x09, 0x5F, 0x45, 0x47, 0x73, 0x26, 0x0A, 0x0D, 0x13,
0x17, 0x48, 0x42, 0x01, 0x40, 0x4D, 0x0C, 0x02, 0x69]
v4=0x04
date=[]
print(len(byte30))
for i in range(len(byte30)-1,-1,-1):
k=byte30[i]^v4
date.append(k)
v4=k
for i in range(39):
print(chr(date[38-i]),end='')